Information Security News: Re: Start-up banks on hack-proof Linux

From: InfoSec News <isn_at_c4i.org>
Date: Fri, 27 Sep 2002 02:06:31 -0500 (CDT)

Forwarded from: Kurt Seifried <listuser_at_seifried.org>

I don't mean to be rude but EnGarde is far from "secure". Duct-taping
LIDS on top of the system helps but attackers can still compromise
services, load code into memory and do naughty things. Check out the
following list of advisories for 2002 alone. Please also note that
they haven't issued advisories for the last ~2 months, leaving users
vulnerable to several major issues.

 ESA-20020114-001 January 14, 2002 'sudo' MTA invocation as root
 
 ESA-20020114-002 January 14, 2002 'pine' URL handling vulnerability
 
 ESA-20020114-003 January 14, 2002 Several LIDS vulnerabilities
 
 ESA-20020125-004 January 25, 2002 'rsync' signed integer handling
 vulnerability
      
 ESA-20020301-005 March 1, 2002 mod_ssl's session caching potential
 buffer overflow
      
 ESA-20020301-006 March 1, 2002 Several flaws in PHP's MIME parsing.
      
 ESA-20020307-007 March 7, 2002 Local vulnerability in OpenSSH's
 channel code.
      
 ESA-20020311-008 March 11, 2002 Double free() in zlib may lead to
 buffer overflow.
      
 ESA-20020423-009 April 23, 2002 webalizer contains a potentially
 exploitable buffer overflow.
      
 ESA-20020429-010 April 29, 2002 sudo heap corruption vulnerability
      
 EBA-20020515-011 May 15, 2002 Fix defaults in php.ini
      
 EBA-20020515-012 May 15, 2002 Minor parsing fixes in Daily
 Summaries report.
      
 ESA-20020607-013 June 07, 2002 Remote buffer overflow in imap
 daemon.
      
 ESA-20020619-014 June 19, 2002 'apache' chunk handling overflow
 vulnerability
      
 ESA-20020625-015 June 25, 2002 openssh: introduce privilege
 separation into sshd
      
 ESA-20020702-016 July 02, 2002 several vulnerabilities in the
 OpenSSH daemon
      
 ESA-20020702-017 July 02, 2002 off-by-one in mod_ssl's
 configuration directive handling
      
 ESA-20020724-018 July 24, 2002 Buffer overflow in BIND4-derived
 resolver code
      
 ESA-20020730-019 July 30, 2002 Several vulnerabilities in the
 openssl library.
      
 ESA-20020807-020 August 7, 2002 OpenSSL ASN.1 vulnerability fix
 corrections.

Kurt Seifried, kurt_at_seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Received on Sep 27 2002
